1 Reply Latest reply on Jul 16, 2008 10:06 PM by ragavgomatam

    Obtain the plaintext password in LoginModule

    filip.majernik

      Hi everybody,
      I am coding a custom LoginModule for JBoss to work with a web application (using j_security_check and FORM-based authentication). MyLoginModule class implements the LoginModule interface. What I want to do is try to connect to an Oracle database with the username and password provided from the webapp and return true if it succeeds.

      My problem is: I use the PasswordCallback and then the method getPassword():

      ...
      NameCallback nameCallback = new NameCallback("Username");
      PasswordCallback passwordCallback = new PasswordCallback("Password", true);
      Callback[] callbacks = new Callback[]{nameCallback, passwordCallback};

      try {
          callbackHandler.handle(callbacks);
          username = nameCallback.getName();

          char[] password = passwordCallback.getPassword();
      ...

      But the password I obtain is encrypted (I suppose some message digest) and therefore my attempt to connect to the database always fails.

      If anyone knows how to get the password in plaintext, please help.
      Thanks,
      Filip

        • 1. Re: Obtain the plaintext password in LoginModule
          ragavgomatam

          Password from the browser is encrypted? That too with FORM authentication? Can you please verify & confirm? Or is it encrypted in the database with which you want to compare? Then you might want to ask your DBA about the algorithm for encryption (usually RSA or SHA-1). Then use those for decrypting & then comparing.
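
Added example, not part of either post and not JBoss's own code: a JAAS LoginModule that does what the question describes, treating a successful JDBC connection as the credential check, while failing closed and wiping the password array. The class name and the `dbUrl` module option are hypothetical, and an Oracle JDBC driver is assumed to be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical class; "dbUrl" is an assumed module option, not a built-in one.
public class DbConnectLoginModule implements LoginModule {
    private CallbackHandler handler;
    private String dbUrl;
    private boolean succeeded;

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = handler;
        this.dbUrl = (String) options.get("dbUrl");
    }

    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("Username");
        PasswordCallback pc = new PasswordCallback("Password", false); // echo off
        char[] password = null;
        try {
            handler.handle(new Callback[] { nc, pc });
            password = pc.getPassword();   // returns a copy of the stored value
            pc.clearPassword();            // wipe the callback's own copy
            if (nc.getName() == null || password == null || dbUrl == null)
                throw new FailedLoginException("Missing credentials or dbUrl");
            // JDBC only accepts a String, so one immutable copy is unavoidable here.
            try (Connection c = DriverManager.getConnection(dbUrl, nc.getName(), new String(password))) {
                // Opening the connection is the credential check; it is closed at once.
            }
            succeeded = true;
            return true;
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("Callback failed: " + e.getMessage());
        } catch (SQLException e) {
            throw new FailedLoginException("Database rejected the credentials"); // no password in message
        } finally {
            if (password != null) Arrays.fill(password, '\0'); // wipe our copy
        }
    }
    // Principals and roles are omitted; a real module adds them to the Subject in commit().
    public boolean commit() { return succeeded; }
    public boolean abort()  { succeeded = false; return true; }
    public boolean logout() { succeeded = false; return true; }
}
```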